Latest CVE Feed
-
6.9
MEDIUMCVE-2025-62667
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS.This issue affects Mediawiki - GrowthExperiments Extension: fro... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-62663
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - UploadWizard Extension allows Stored XSS.This issue affects Mediawiki - UploadWizard Extension: from master b... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2020-36853
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This make... Read more
Affected Products : map_builder_for_google_maps- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2017-20207
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows unauthenticated attackers to inject a PHP Object. Attacke... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection